- VAST - a VIPER Lab live distribution that contains VIPER-developed tools such as UCsniff, videojak, videosnarf and more. Along with the VIPER tools and other essential VoIP security tools, it also contains tools that penetration testers rely on, such as Metasploit, Nmap, and Hydra.

- Network Security Toolkit - The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools.

- Matriux - fully featured security distribution consisting of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more.

- Samurai - The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

- WeakNet Linux - designed primarily for penetration testing, forensic analysis and other security tasks. The tools selected are those that the developer feels are used most often in pen-tests. A sample of those included are: BRuWRT-FORSSE v2.0, Easy-SSHd, Web-Hacking-Portal v2.0, Perlwd, Netgh0st v3.0, YouTube-Thief!, Netgh0st v2.2, DomainScan, ADtrace, Admin-Tool, Tartarus v0.1.

- Puck - GNU/Linux distribution distributed as a Live CD based on TinyCoreLinux. It contains top penetration testing tools.

- Metasploitable - an Ubuntu server install on a VMware image. A number of vulnerable packages are included, among them an install of Tomcat 5.5 (with weak credentials), distcc, TikiWiki, TWiki, and an older MySQL.

Scanners

- Nmap - free and open source utility for network discovery and security auditing. Many system and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

- hping - command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) Unix command, but hping isn't only able to send ICMP echo requests. It supports the TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.

- Natprobe - This small but very useful program tries to send ICMP packets out of the LAN and detects all the hosts that allow it. With this you can find bugs in your (company?) network (or others), for example hosts that allow p2p connections.

- MSSQLScan - A small multi-threaded tool that scans for Microsoft SQL Servers. The tool does its discovery using UDP and returns a list of all detected instances with their respective protocols and ports.

- FindDomains - multithreaded search engine discovery tool that is very useful for penetration testers who need to discover domain names, web sites and virtual hosts spread across a large number of IP addresses.

- keimpx - It can be used to quickly check whether credentials are usable across a network over SMB. Credentials can be a combination of user and plain-text password, user and NTLM hash, or user and NTLM logon session token.

- StreamArmor - sophisticated tool for discovering hidden alternate data streams (ADS) and removing them completely from the system.

- NSDECODER - automated website malware detection tool. It can be used to decode and analyze whether a URL hosts malware. NSDECODER will also analyze which vulnerability was exploited and the original source address of the malware.

- wireshark - world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.

- tcpdump - prints out a description of the contents of packets on a network interface that match a Boolean expression.

- Yamas - a tool that aims at facilitating MITM attacks by automating the whole process, from setting up IP forwarding and modifying iptables to the ARP cache poisoning.

Spoofing

- arpspoof - may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether.

- dnsspoof - forges replies to arbitrary DNS address / pointer queries on the internal LAN. This is useful in bypassing host name based access controls, or in implementing a variety of efficient network controls.

- Nebula - network intrusion signature generator. It can help secure a network by automatically deriving and installing filter rules from attack traces. In a common setup, Nebula runs as a daemon and receives attacks from honeypots. Signatures are currently published in Snort format.

- suricata - The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

- Osiris - Host Integrity Monitoring System that periodically monitors one or more hosts for change. Osiris keeps an administrator apprised of possible attacks and/or nasty little trojans. The purpose here is to isolate changes that indicate a break-in or a compromised system.

- Sagan - multi-threaded, real time system and event log monitoring system, but with a twist. Sagan uses a "Snort" like rule set for detecting bad things happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will attempt to correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system.

- Snorby - new and modern Snort IDS front-end. The basic fundamental concepts behind Snorby are simplicity and power.

- ArpON - portable handler daemon that makes ARP secure in order to prevent Man In The Middle (MITM) attacks carried out through ARP Spoofing/Poisoning. It also detects and blocks the more complex attacks that derive from it, such as DHCP Spoofing, DNS Spoofing, Web Spoofing, Session Hijacking and SSL/TLS Hijacking.

Firewalls

- iQfire-wall - framework that implements a network firewall. It can be used in desktop systems and in simple network configurations, providing a friendly graphical interface and a simple installation procedure. Unprivileged users can also personalize it.

- Firestarter - Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.

- GreenSQL - Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built-in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known database administrative commands (DROP, CREATE, etc). GreenSQL provides a MySQL database security solution.

- Flint - examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can: clean up rusty configurations that are cluttered with rules that can't match traffic; eradicate latent security problems lurking in overly permissive rules; sanity-check changes to see if new rules create problems.

Honeypots

- HoneyDrive - virtual hard disk drive (VMDK format) with Ubuntu Server. It contains various honeypot systems such as Kippo SSH honeypot, Dionaea malware honeypot and Honeyd. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.

- OpenVAS - Open Vulnerability Assessment System, a network security scanner with associated tools such as a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

- Seccubus - runs Nessus scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI, where findings can be easily marked as either real findings or non-issues. Non-issues are ignored until they change. This causes a dramatic reduction in analysis time.

- GrokEVT - collection of scripts built for reading Windows® NT/2K/XP/2K3 event log files. GrokEVT is released under the GNU GPL, and is implemented in Python.

- Flawfinder - program that examines source code and reports possible security weaknesses ("flaws") sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.

- KrbGuess - small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment.

- keimpx - keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB.

- Buck Security - collection of security checks for Linux. It was designed for Debian and Ubuntu servers, but can be useful for any Linux system.

- DllHijackAuditor - smart tool to audit any Windows application for the DLL hijacking vulnerability.

- Mantra - a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc.

- MysqlPasswordAuditor - free MySQL password recovery and auditing software. MySQL is one of the most popular and powerful database systems, used by most web-based and server-side applications.

PDFs

- origami - Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. It can also be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

- PDFResurrect - tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document.

File vulnerability checkers

- OfficeCat - command line utility that can be used to process Microsoft Office documents for the presence of potential exploit conditions in the file.

- Weevely - stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free hosted ones.

- Nikto - Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers.

- Wapiti - It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data.

- Wfuzz - tool designed for bruteforcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc), bruteforcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc), bruteforcing form parameters (User/Password), fuzzing, etc.

- WebSlayer - tool designed for bruteforcing web applications. It can be used for finding unlinked resources (directories, servlets, scripts, etc), bruteforcing GET and POST parameters, bruteforcing form parameters (User/Password), fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer.

- Watir - drives browsers the same way people do. It clicks links, fills in forms, presses buttons. Watir also checks results, such as whether expected text appears on the page.

- uwss - web security scanner used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.

- Websecurify - web and web 2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies (available for Win/Linux/Mac!).

- XSS Tunnelling - the tunnelling of HTTP traffic through an XSS Channel to use virtually any application that supports HTTP proxies.

- CeWL - Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

- fimap - small Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in web apps.

- w3af - Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

- WAFP - WAFP fetches the files listed in its fingerprints from a web server and checks whether the checksums of those files match the checksums given in the fingerprints. This way it is able to detect the detailed version and even the build number of a web application.

- Sahi - automation and testing tool for web applications, with the facility to record and play back scripts. Sahi runs on any modern browser which supports JavaScript.

- Arachni - full-featured and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart: it trains itself with every HTTP response it receives during the audit process.

- sessionthief - performs HTTP session cloning by cookie stealing. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. The program will start a new instance of Firefox for each session hijacked, and lets you control the login of all of them at once.

- BlindElephant - The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

- WebScarab - WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

- Burp proxy - Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions. Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.

- Paros Proxy - Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

- Odysseus - proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission.

- SPIKE Proxy - professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL injection and cross-site scripting, but its completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on.

- WATOBO - intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. WATOBO works like a local proxy, similar to WebScarab, Paros or BurpSuite.

- Mallory - transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.

- ProxyStrike - an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application.

- Zed Attack Proxy (ZAP) - an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

- Vega - open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities.

- SWFIntruder - SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime.

- Flare - Flare is a free ActionScript decompiler. It decompiles SWFs produced by Macromedia Flash, including Flash MX 2004 and Flash 8.

- MTASC - MTASC is the first ActionScript 2 Open Source free compiler.

- Flasm - Flasm is a free command line assembler/disassembler of Flash ActionScript bytecode. It lets you make changes to any SWF. Flasm fully supports SWFs produced by Macromedia Flash 8 and earlier Flash versions.

- swfmill - swfmill is an xml2swf and swf2xml processor with import functionalities.

- FireGPG - Firefox extension under MPL that provides an integrated interface to apply GnuPG operations to the text of any web page, including encryption, decryption, signing, and signature verification.

- SSLDigger - SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure.

- Bruter - parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

- Imposter - flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself. When the victim tries to access any website the domain resolves to the system running Imposter and Imposter’s internal web server serves content to the victim.

- Social-Engineering Toolkit (SET) - Python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Security Defense

- AppArmor - effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited.

- Nagios - monitors your entire IT infrastructure to ensure systems, applications, services, and business processes are functioning properly. In the event of a failure, Nagios can alert technical staff of the problem, allowing them to begin remediation processes before outages affect business processes, end-users, or customers.

- ntop - network traffic probe that shows the network usage, similar to what the popular top Unix command does.

- GreenSQL - designed to protect databases (PostgreSQL/MySQL) against SQL injection attacks and other unauthorised changes, in a similar fashion to a firewall protecting a network against TCP/IP outside attacks. The new version also provides a graphical user interface for monitoring the database firewall.

- MS MiniFuzz - very simple fuzzer designed to ease adoption of fuzz testing by non-security people who are unfamiliar with file fuzzing tools or have never used them in their current software development processes.

- MS BinScope - Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations.

- Digital Forensics Analysis - a simple but powerful open source tool with a flexible module system which will help you in your digital forensics works, including files recovery due to error or crash, evidence research and analysis, etc.

- EnCase Forensic Tool - From the simplest requirements to the most complex, EnCase Forensic is the premier computer forensic application on the market.

Bypass

- Pass-The-Hash - The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes.

- Damn Vulnerable Web App (DVWA) - PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

- Mutillidae - deliberately vulnerable set of PHP scripts that implement the OWASP Top 10.

- moth - VMware image with a set of vulnerable web applications and scripts that you may use for testing web application security scanners, testing static code analysis (SCA) tools, and giving an introductory course on web application security.

- pwnat - pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate directly with a server behind a separate NAT, with *no* port forwarding and *no* DMZ setup on any routers.
